Re: Snort / Barnyard2 Placement

[beenph <beenph () gmail com>]

On Wed, Sep 26, 2012 at 5:30 PM, Turnbough, Bradley E.
<bturnbough () belcan com> wrote:
> Say I have 50 Sensors and 1 web server with snorby / mysql / apache….
>
>
>
> Do you guys recommend putting barnyard2 on the 50 sensors and then inserting
> the data over to wire to the mysql database, or should I ship the U2 files
> over to the webserver with 1 instance of Barnyard2 and insert the data from
> there?
I would personally suggest over the wire for the reason that you want
to have context.

Each of your sensor represent a part of the network coverage, if you
aggregate them how do you
differentiate context if for example you are monitoring
two internal network that are different and have the same addressing.

-elz


> This e-mail transmission contains information that is confidential and may
> be privileged. It is intended only for the addressee(s) named above. If you
> receive this e-mail in error, please do not read, copy or disseminate it in
> any manner. If you are not the intended recipient, any disclosure, copying,
> distribution or use of the contents of this information is prohibited.
> Please reply to the message immediately by informing the sender that the
> message was misdirected. After replying, please erase it from your computer
> system. Your assistance in correcting this error is appreciated.
>
> ------------------------------------------------------------------------------
> How fast is your code?
> 3 out of 4 devs don\\\'t know how their code performs in production.
> Find out how slow your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219672;13503038;z?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!

------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!